[Openswan Users]

Paul Wouters paul at xelerance.com
Fri Aug 12 18:52:11 CEST 2005


On Fri, 12 Aug 2005, bigred at teksavvy.com wrote:

> Here's my connection description:
>
> conn my-connection
>        authby=rsasig
>        leftid=@freeswan-gateway.kpsi.com
>        leftrsasigkey=a rsasig
>        left=a.b.c.d
>        leftsubnet=0.0.0.0/0
>        rightsubnet=172.26.47.0/24
>        rightid=@9997.kpsi.com
>        rightrsasigkey=a different rsasig
>        right=%defaultroute
>        auto=start
>
> The Linux box is connected to a PPPoE-based DSL connection that gives me an IP of e.f.g.h and a default gateway of w.x.y.z.
> The internal interface IP is 172.26.47.100.
>
> When the tunnel is down I can ssh to e.f.g.h fine.  When the tunnel is up, I can't ssh to e.f.g.h but can
> (obviously using the tunnel) ssh to 172.26.47.0/24.  As a test, I changed leftsubnet=0.0.0.0/0 to 192.168.1.0/24
> (and made the corresponding changes on the other end) and I could ssh to e.f.g.h regardless of whether the tunnel
> was up or down.

Are you trying to ssh from the remote VPN endpoint? I do not understand the
issue still. I have servers connecting that receive a subnet and use a
rightsubnet=0.0.0.0/0 but I could always just reach the server by either its
real PPPoE IP address, or one of the IPs from the subnet it used itself.

Are you using: include /etc/ipsec.d/examples/no_oe.conf to disable OE?

You can try adding a passthrough conn:

conn exclude-remote
             authby=never
             left=e.f.g.h
             right=%any
             type=passthrough
             auto=route

